Cross Site Scripting Vulnerability in LibrePhotos by LibrePhotos
CVE-2024-53617

4.8 MEDIUM

Key Information:

Vendor
CVE Published: 2 December 2024

What is CVE-2024-53617?

A Cross Site Scripting vulnerability in LibrePhotos allows attackers to exploit the system by uploading a malicious HTML file. The vulnerability stems from an Insecure Direct Object Reference (IDOR) in the file upload process, which enables unauthorized access to user accounts. Specially crafted HTML content is executed in the context of the administrative user's session, which can lead to account takeover. Users are strongly urged to update to the latest version to mitigate this risk.

CVSS V3.1

Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
